File libgcrypt-fips_PKBKDF_missing_step1.patch of Package libgcrypt
Index: libgcrypt-1.6.1/cipher/kdf.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/kdf.c 2014-09-29 17:21:26.915174779 +0200
+++ libgcrypt-1.6.1/cipher/kdf.c 2014-10-01 18:05:12.881281604 +0200
@@ -126,20 +126,20 @@ _gcry_kdf_pkdf2 (const void *passphrase,
gpg_err_code_t ec;
gcry_md_hd_t md;
int secmode;
- unsigned int dklen = keysize;
+ unsigned long dklen = keysize;
char *dk = keybuffer;
unsigned int hlen; /* Output length of the digest function. */
- unsigned int l; /* Rounded up number of blocks. */
+ unsigned long l; /* Rounded up number of blocks. */
unsigned int r; /* Number of octets in the last block. */
char *sbuf; /* Malloced buffer to concatenate salt and iter
as well as space to hold TBUF and UBUF. */
char *tbuf; /* Buffer for T; ptr into SBUF, size is HLEN. */
char *ubuf; /* Buffer for U; ptr into SBUF, size is HLEN. */
- unsigned int lidx; /* Current block number. */
+ unsigned long lidx; /* Current block number. */
unsigned long iter; /* Current iteration number. */
unsigned int i;
- /* NWe allow for a saltlen of 0 here to support scrypt. It is not
+ /* We allow for a saltlen of 0 here to support scrypt. It is not
clear whether rfc2898 allows for this this, thus we do a test on
saltlen > 0 only in gcry_kdf_derive. */
if (!salt || !iterations || !dklen)
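Review bot: Widening `dklen`, `l` and `lidx` to `unsigned long` does not prevent truncation on ABIs where `unsigned long` is 32 bits (LLP64, for example). There a larger `keysize` is silently reduced at `unsigned long dklen = keysize;`, so fewer octets are derived than the caller asked for. The declaration of `keysize` is outside the hunk; if it is a `size_t`, `size_t dklen = keysize;` would carry the full value on every target, so the step 1 check added in the next hunk could reject it. `r` can stay `unsigned int`, since its comment describes it as the octet count of the last block. The body of `_gcry_kdf_pkdf2` starts and ends outside this hunk.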
@@ -151,8 +151,10 @@ _gcry_kdf_pkdf2 (const void *passphrase,
secmode = _gcry_is_secure (passphrase) || _gcry_is_secure (keybuffer);
- /* We ignore step 1 from pksc5v2.1 which demands a check that dklen
- is not larger that 0xffffffff * hlen. */
+ /* Step 1 */
+ /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. */
+ if (dklen > 4294967295U)
+ return GPG_ERR_INV_VALUE;
/* Step 2 */
l = ((dklen - 1)/ hlen) + 1;
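Review bot: The guard `if (dklen > 4294967295U)` enforces a limit of 2^32 - 1 octets, not the `(2^32 - 1) * hLen` quoted in the comment above it, so it rejects lengths that the cited step 1 permits. That errs in the safe direction, but the comment should say the tighter bound is deliberate, e.g. `/* We cap dkLen at 2^32 - 1, which is stricter than (2^32 - 1) * hLen. */`. To enforce the quoted bound exactly, test the block count instead: `if ((dklen - 1) / hlen >= 0xffffffffUL) return GPG_ERR_INV_VALUE;`, assuming `hlen` has already been checked for zero above the hunk. Where `unsigned long` is 32 bits, the comparison as written can never be true. The function continues past the end of this hunk.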